diff mbox series

[ipsec-next,v12,4/4] xfrm: Restrict SA direction attribute to specific netlink message types

Message ID 718d3da5f5cd56c2444fb350516c7e5e022893c4.1713874887.git.antony.antony@secunet.com (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show
Series xfrm: Introduce direction attribute for SA | expand

Checks

Context Check Description
netdev/series_format warning Target tree name not specified in the subject
netdev/tree_selection success Guessed tree name to be net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 941 this patch: 941
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 6 of 6 maintainers
netdev/build_clang success Errors and warnings before: 937 this patch: 937
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 952 this patch: 952
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 36 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Antony Antony April 23, 2024, 12:51 p.m. UTC 
Reject the usage of the SA_DIR attribute in xfrm netlink messages when
it's not applicable. This ensures that SA_DIR is only accepted for
certain message types (NEWSA, UPDSA, and ALLOCSPI)

Signed-off-by: Antony Antony <antony.antony@secunet.com>
---
v11 -> 12
     - fix spd look up. This broke xfrm_policy.sh tests
---
 net/xfrm/xfrm_user.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

--
2.30.2

Comments

Steffen Klassert April 26, 2024, 4:49 a.m. UTC | #1 
On Tue, Apr 23, 2024 at 02:51:21PM +0200, Antony Antony wrote:
> Reject the usage of the SA_DIR attribute in xfrm netlink messages when
> it's not applicable. This ensures that SA_DIR is only accepted for
> certain message types (NEWSA, UPDSA, and ALLOCSPI)
> 
> Signed-off-by: Antony Antony <antony.antony@secunet.com>
> ---
> v11 -> 12
>      - fix spd look up. This broke xfrm_policy.sh tests
> ---
>  net/xfrm/xfrm_user.c | 24 ++++++++++++++++++++++++
>  1 file changed, 24 insertions(+)
> 
> diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
> index d34ac467a219..5d8aac0e8a6f 100644
> --- a/net/xfrm/xfrm_user.c
> +++ b/net/xfrm/xfrm_user.c
> @@ -3200,6 +3200,24 @@ static const struct xfrm_link {
>  	[XFRM_MSG_GETDEFAULT  - XFRM_MSG_BASE] = { .doit = xfrm_get_default   },
>  };
> 
> +static int xfrm_reject_unused(int type, struct nlattr **attrs,
> +			      struct netlink_ext_ack *extack)

Maybe call that function xfrm_reject_unused_attr to make it clear
what is unused here?
Antony Antony April 26, 2024, 7:50 a.m. UTC | #2 
On Fri, Apr 26, 2024 at 06:49:38AM +0200, Steffen Klassert via Devel wrote:
> On Tue, Apr 23, 2024 at 02:51:21PM +0200, Antony Antony wrote:
> > Reject the usage of the SA_DIR attribute in xfrm netlink messages when
> > it's not applicable. This ensures that SA_DIR is only accepted for
> > certain message types (NEWSA, UPDSA, and ALLOCSPI)
> > 
> > Signed-off-by: Antony Antony <antony.antony@secunet.com>
> > ---
> > v11 -> 12
> >      - fix spd look up. This broke xfrm_policy.sh tests
> > ---
> >  net/xfrm/xfrm_user.c | 24 ++++++++++++++++++++++++
> >  1 file changed, 24 insertions(+)
> > 
> > diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
> > index d34ac467a219..5d8aac0e8a6f 100644
> > --- a/net/xfrm/xfrm_user.c
> > +++ b/net/xfrm/xfrm_user.c
> > @@ -3200,6 +3200,24 @@ static const struct xfrm_link {
> >  	[XFRM_MSG_GETDEFAULT  - XFRM_MSG_BASE] = { .doit = xfrm_get_default   },
> >  };
> > 
> > +static int xfrm_reject_unused(int type, struct nlattr **attrs,
> > +			      struct netlink_ext_ack *extack)
> 
> Maybe call that function xfrm_reject_unused_attr to make it clear
> what is unused here?

good idea. Fixed in v13
diff mbox series

Patch

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index d34ac467a219..5d8aac0e8a6f 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -3200,6 +3200,24 @@  static const struct xfrm_link {
 	[XFRM_MSG_GETDEFAULT  - XFRM_MSG_BASE] = { .doit = xfrm_get_default   },
 };

+static int xfrm_reject_unused(int type, struct nlattr **attrs,
+			      struct netlink_ext_ack *extack)
+{
+	if (attrs[XFRMA_SA_DIR]) {
+		switch (type) {
+		case XFRM_MSG_NEWSA:
+		case XFRM_MSG_UPDSA:
+		case XFRM_MSG_ALLOCSPI:
+			break;
+		default:
+			NL_SET_ERR_MSG(extack, "Invalid attribute SA_DIR");
+			return -EINVAL;
+		}
+	}
+
+	return 0;
+}
+
 static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
 			     struct netlink_ext_ack *extack)
 {
@@ -3259,6 +3277,12 @@  static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
 	if (err < 0)
 		goto err;

+	if (!link->nla_pol || link->nla_pol == xfrma_policy) {
+		err = xfrm_reject_unused((type + XFRM_MSG_BASE), attrs, extack);
+		if (err < 0)
+			goto err;
+	}
+
 	if (link->doit == NULL) {
 		err = -EINVAL;
 		goto err;